ArchLinux: 202106-20: inetutils: arbitrary code execution
Summary
- CVE-2019-0053 (arbitrary code execution)
inetutils before version 1.9.4.90 contains a stack overflow
vulnerability in the client-side environment variable handling which
can be exploited to escape restricted shells on embedded devices. A
stack-based overflow is present in the handling of environment
variables when connecting telnet.c to remote telnet servers through
oversized DISPLAY arguments.
- CVE-2020-10188 (arbitrary code execution)
A vulnerability was found in inetutils before version 1.9.4.91 where
incorrect bounds checks in the telnet server’s (telnetd) handling of
short writes and urgent data could lead to information disclosure and
corruption of heap data. An unauthenticated remote attacker could
exploit these bugs by sending specially crafted telnet packets to
achieve arbitrary code execution in the telnet server.
Resolution
Upgrade to 2.0-1.
# pacman -Syu "inetutils>=2.0-1"
The problems have been fixed upstream in version 2.0.
References
https://bugs.archlinux.org/task/70040 https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=1480573a908254662074865406ac6fbde4694e5d https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=07fdb4201a3a5e6df92c0929c65671ce4ba8af5a https://bugzilla.redhat.com/show_bug.cgi?id=1811673 https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=cd7e7e685daeafb68f19347747af6340731a4518 https://security.archlinux.org/CVE-2019-0053 https://security.archlinux.org/CVE-2020-10188
Workaround
None.